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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 07 July 2009 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) |EI Claim(s) 2-8, 10-17,35-41 and 43-62 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 13 Claim(s) 2-8.10-17.35-41 and 43-62 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Acknowledgements 

1 . The Applicants amendment filed on July 7, 2009 is hereby acknowledged, 
Claims 2-8, 10-17, 35-41 and 43-62 remain pending . 

Response to Arguments 

2. Applicant's arguments with respect to the pending claim have been considered but 
are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 2, 14, 35, 43, 47, 5 1 and 59 rejected under 35 U.S.C. 1 12, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. These claims contain the term " a protocol 
substantially in compliance with the Kerberos protocol" the claim language fails to 
impose any limitation upon the claimed invention and is therefore indefinite. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 
102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that 
the subject matter as a whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner 
in which the invention was made. 

Claims 2-8, 10-17, 35-41 and 43-62 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Medvinsky et al. (US Patent2003/0093694) in view of Sirbu et al (US 
Patent 5,809,144) and further in view of Howard et al. (US Patent 6,678,731). 

4. As per claims 7, 8, 13, 17, 40-41, 46, 52, 56, 58 and 62 

Medvinsky et al. ('694) discloses a method of generating a service ticket for a requested 
Service comprising: 

receiving by a granting service of a computing device, the computing device being 
different and distinct from a client, a request for a Service Ticket from the client; 
(Paragraph 39 and 41) 

Medvinsky et al. ('694) does not explicitly disclose the the granting service, determining 
if that the requested service is provided by a plurality of servers; and the granting service 
generating a session key; for each providing server, encrypting the session key with a 
secret key associated with each respective server; creating a Service Ticket that includes 
the encrypted session keys for the plurality of providing servers; 
Howard et al. ('731)discloses the granting service, determining if that the requested 
service is provided by a plurality of servers;(column 3, lines 16-36 - access granted to 
multiple web servers) and the granting service generating a session key; for each 
providing server,(column 7, lines 48-56) encrypting the session key with a secret key 
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associated wit h each respective server; creating a Service Ticket that includes the 
encrypted session keys for the plurality of providing servers; ( Column 7, lines 10-15 - 
data is encrypted, column 7, lines 48-67 - generation of the ticket; Column 9, lines 66 - 
column 10 line 14 - embodiment where each server has unique value in the ticket, (i.e. 
key associated with each server). It would have been obvious to a person of ordinary skill 
in the art at the time of the invention to combine the Medvinsky et al. ('694) with the 
Howard et al. ('73 1) method in order to allow the client to utilize secure applications via 
ticket. 

Medvinsky ct al. ('694) docs not explicitly disclose transmitting the service ticket to the 
client, Sirbu et al.(' 1443), discloses transmitting the service ticket to the client (Figure 4 
). It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to combine the Medvinsky et al. ('694) with the Sirbu et al. ('144) method in 
order to allow the client to utilize the ticket; furthermore the combination of these 
elements does not alter their respective functions, and the combination would have 
yielded predictable results to one of ordinary skill in the art at the time of the invention.. 
In regard to claim 8 the Examiner notes that the term "cipher text" is equivalent to the 
"session key". 

Applicant(s) are reminded that optional or conditional elements do not narrow the claims 
because they can always be omitted. See e.g. MPEP §2106 II C: "Language that suggest 
or makes optional but does not require steps to be performed or does not limit a claim to a 
particular structure does not limit the scope of a claim or claim limitation. [Emphasis in 
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original] " As a matter of linguistic precision, optional elements do not narrow the claim 
because they can always be omitted. 

5. As per claims 2, 10, 14, 35, 43, 47, 51 and 59 

Medvinsky et al. ('694) discloses the method of claim 7, further including: 
a granting service (Abstract, paragraph 28 ) 

generating a Ticket-Granting-Ticketing utilizing a protocol substantially in compliance 
with the Kerberos protocol; and wherein receiving a request for a Service Ticket from a 
client further includes receiving the Ticket-Granting-Ticket from the client. (Abstract 
Figure 4) 

6. As per claim 3 and 36, 

Medvinsky et al. ('694) discloses the method of claim 7, 

wherein upon the granting service determining that the requested service is provided by a 
plurality of servers, the granting service further determining a number of the servers 
designated to provide the requested service and encrypting a cipher text with each of the 
session keys; wherein the determining includes: the granting service utilizing a database 
that maps a generic server name to a specific server name; and the granting service 
setting the numbers of servers designated to provide the service equal to the number of 
specific server names mapped to the generic server name that provides the requested 
service. (Figure 2). 
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As per claims 4 and 37, 

7. Medvinsky et al. ('694) discloses the method of claim 3, 

Medvinsky et al. ('694) does not explicitly disclose wherein determining the number of 
servers designated to provide the requested service includes: utilizing a database that 
maps a generic server name to a specific server name; and setting the numbers of servers 
designated to provide the service equal to the number of specific server names mapped to 
the generic server name that provides the requested service. McCarty et al.('020), 
discloses wherein determining the number of servers designated to provide the requested 
service includes: utilizing a database that maps a generic server name to a specific server 
name; and setting the numbers of servers designated to provide the service equal to the 
number of specific server names mapped to the generic server name that provides the 
requested service. (Column 2, lines 42-50). It would have been obvious to a person of 
ordinary skill in the art at the time of the invention to combine the Medvinsky et al. 
('694) with the McCarty et al.('020) method in order to allow centralized control of 
access to servers; furthermore the combination of these elements does not alter their 
respective functions, and the combination would have yielded predictable results to one 
of ordinary skill in the art at the time of the invention. 

As per claims 5 and 38, 49, 55 and 61 

Medvinsky et al. ('694) discloses the method of claim 3, 

wherein the secret keys associated with each providing server are not synchronized across 
the providing servers. (Paragraph 45 - key is kept secret) 
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As per claims 6 and 39, 

Medvinsky et al. ('694) discloses the method of claim 3, wherein the created Service 
Ticket includes: 

a header that designates the Service Ticket as a format that includes multiple encrypted 
session keys, a field that expressly designates the number of encrypted session keys, an 
encrypted session key for each providing server, and the encrypted cipher 
text.(Paragrpahs 137-145, in paragraph 138, target protocol is equivalent to "format") 
Examiner notes that stored data that is not functionally related to the memory in which it 
is stored (e.g format of the header data) it does not distinguish the claimed apparatus, 
method, and system from the prior art {In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In 
re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); 
MPEP 2106.01). 

8. As per claims 11, 12, 44 and 45, 

Medvinsky et al. ('694) discloses the method of claim 13, 

wherein the receiving server decrypting the encrypted session key includes: the receiving 
server determining a number of the plurality of encrypted session keys included within 
the received Service Ticket; for each encrypted session key, the receiving server 
decrypting the encrypted session key utilizing a secret key associated with the receiving 
server; and wherein the receiving server decrypting the cipher text utilizing the decrypted 
session key includes for each encrypted session key, the receiving server attempting to 
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decrypt the cipher text with the decrypted session key; if the cipher text is successfully 
decrypted, the receiving server providing the service to the client, (paragraphs 35-37) 

9. As per claims 14,15, 48, 51, 54, 57 and 60 
Medvinsky et al. ('694) discloses the method of claim 13, 
wherein the receiving server receiving a Service Ticket includes: 
a managing agent first receiving a Service Ticket; 

the managing agent selecting the receiving server from a server pool having a plurality of 
servers; routing the Service Ticket to the receiving scrvcr.(Paragraphs 28, 34-36 -KDC 
server) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JOHN M. WINTER whose telephone number is 
(571)272-6713. The examiner can normally be reached on M-F 8:30-6, 1st Fridays off. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Calvin Hewitt can be reached on (571) 272-6709. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

JMW 



/Calvin L Hewitt II/ 

Supervisory Patent Examiner, Art Unit 3685 



